Merge pull request #46 from bdach/better-error-on-too-large-request

Show better error message on exceeding absolute request body cap

Author: peppy

osu.Server.BeatmapSubmission.Tests/BeatmapSubmissionControllerTest.cs

@@ -1028,8 +1028,10 @@ public async Task TestUploadFullPackage_PathTraversalAttackFails(string suspicio
             Assert.False(response.IsSuccessStatusCode);
         }
 
-        [Fact]
-        public async Task TestUploadFullPackage_FailsIfSizeTooLarge()
+        [Theory]
+        [InlineData(50 * 1024 * 1024)]
+        [InlineData(200000001)]
+        public async Task TestUploadFullPackage_FailsIfSizeTooLarge(long size)
         {
             using var db = await DatabaseAccess.GetConnectionAsync();
             await db.ExecuteAsync("INSERT INTO `phpbb_users` (`user_id`, `username`, `username_clean`, `country_acronym`, `user_permissions`, `user_sig`, `user_occ`, `user_interests`) VALUES (1000, 'test', 'test', 'JP', '', '', '', '')");
@@ -1042,7 +1044,7 @@ public async Task TestUploadFullPackage_FailsIfSizeTooLarge()
             var request = new HttpRequestMessage(HttpMethod.Put, "/beatmapsets/241526");
 
             using var content = new MultipartFormDataContent($"{Guid.NewGuid()}----");
-            byte[] data = new byte[50 * 1024 * 1024];
+            byte[] data = new byte[size];
             new Random(1337).NextBytes(data);
             var stream = new MemoryStream();
 
@@ -1059,7 +1061,7 @@ public async Task TestUploadFullPackage_FailsIfSizeTooLarge()
 
             var response = await Client.SendAsync(request);
             Assert.False(response.IsSuccessStatusCode);
-            Assert.Contains("The beatmap package is too large.", (await response.Content.ReadFromJsonAsync<ErrorResponse>())!.Error);
+            Assert.Contains("too large", (await response.Content.ReadFromJsonAsync<ErrorResponse>())!.Error);
         }
 
         [Fact]

osu.Server.BeatmapSubmission/BeatmapSubmissionController.cs

@@ -493,22 +493,8 @@ private void checkPackageSize(long packageSizeBytes, BeatmapPackageParseResult p
             if (packageSizeBytes > allowableSizeBytes)
             {
                 throw new InvariantException($"The beatmap package is too large. "
-                                             + $"The size of the package with the requested changes applied is {humaniseSize(packageSizeBytes)}. "
-                                             + $"The maximum allowable size is {humaniseSize(allowableSizeBytes)}.");
-            }
-
-            static string humaniseSize(double sizeBytes)
-            {
-                string humanisedSize;
-
-                if (sizeBytes < 1024)
-                    humanisedSize = $@"{sizeBytes}B";
-                else if (sizeBytes < 1024 * 1024)
-                    humanisedSize = $@"{sizeBytes / 1024:#.0}kB";
-                else
-                    humanisedSize = $@"{sizeBytes / 1024 / 1024:#.0}MB";
-
-                return humanisedSize;
+                                             + $"The size of the package with the requested changes applied is {FormatUtils.HumaniseSize(packageSizeBytes)}. "
+                                             + $"The maximum allowable size is {FormatUtils.HumaniseSize(allowableSizeBytes)}.");
             }
         }
 

osu.Server.BeatmapSubmission/FormatUtils.cs

@@ -0,0 +1,22 @@
+// Copyright (c) ppy Pty Ltd <[email protected]>. Licensed under the MIT Licence.
+// See the LICENCE file in the repository root for full licence text.
+
+namespace osu.Server.BeatmapSubmission
+{
+    public class FormatUtils
+    {
+        public static string HumaniseSize(double sizeBytes)
+        {
+            string humanisedSize;
+
+            if (sizeBytes < 1024)
+                humanisedSize = $@"{sizeBytes}B";
+            else if (sizeBytes < 1024 * 1024)
+                humanisedSize = $@"{sizeBytes / 1024:#.0}kB";
+            else
+                humanisedSize = $@"{sizeBytes / 1024 / 1024:#.0}MB";
+
+            return humanisedSize;
+        }
+    }
+}

osu.Server.BeatmapSubmission/ModelStateValidationFilter.cs

@@ -3,6 +3,7 @@
 
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.Filters;
+using osu.Server.BeatmapSubmission.Models.API.Responses;
 
 namespace osu.Server.BeatmapSubmission
 {
@@ -28,7 +29,15 @@ public void OnActionExecuting(ActionExecutingContext context)
                     continue;
 
                 foreach (var error in value.Errors)
+                {
+                    if (string.IsNullOrEmpty(key) && (error.ErrorMessage.Contains("Request body too large") || error.ErrorMessage.Contains("Multipart body length limit")))
+                    {
+                        context.Result = new ErrorResponse($"Request body too large. Size must be lower than {FormatUtils.HumaniseSize(Program.ABSOLUTE_REQUEST_SIZE_LIMIT_BYTES)}.").ToActionResult();
+                        return;
+                    }
+
                     errorList.Add($"{{ field: \"{key}\", message: \"{error.ErrorMessage}\", exception: \"{error.Exception}\" }}");
+                }
             }
 
             logger.LogError($"""